Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-1946 Inadequate Encryption Strength vulnerability in Tata Integrated Dialer 1.2.000
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.
local
low complexity
tata CWE-326
5.5
2002-12-31 CVE-2002-1915 Improper Locking vulnerability in multiple products
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
local
low complexity
openbsd netbsd freebsd CWE-667
5.5
2002-12-31 CVE-2002-1914 Improper Locking vulnerability in Dump Project Dump 0.4
dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.
local
low complexity
dump-project CWE-667
5.5
2002-12-31 CVE-2002-1912 NULL Pointer Dereference vulnerability in Skystream Emr5000 1.16/1.17/1.18
SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets.
network
low complexity
skystream CWE-476
7.5
2002-12-31 CVE-2002-1910 Inadequate Encryption Strength vulnerability in Click-2 Ingenium Learning Management System 5.1/6.1
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.
network
low complexity
click-2 CWE-326
7.5
2002-12-31 CVE-2002-1872 Inadequate Encryption Strength vulnerability in Microsoft SQL Server
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
network
low complexity
microsoft CWE-326
7.5
2002-12-31 CVE-2002-1869 Improper Locking vulnerability in Heysoft Eventsave and Eventsave+
Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer.
local
low complexity
heysoft CWE-667
3.3
2002-12-31 CVE-2002-1850 Improper Locking vulnerability in Apache Http Server 2.0.39/2.0.40
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
network
low complexity
apache CWE-667
7.5
2002-12-31 CVE-2002-1844 Incorrect Default Permissions vulnerability in Microsoft Windows Media Player 6.3
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
local
low complexity
microsoft CWE-276
7.8
2002-12-31 CVE-2002-1820 Improper Handling of Case Sensitivity vulnerability in Ultimate PHP Board Project Ultimate PHP Board 1.0
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."
network
low complexity
ultimate-php-board-project CWE-178
critical
9.8